This week, law enforcement agencies around the world successfully disarmed the Emotet botnet. Avast, a leading provider of digital security and privacy solutions, alone reports that it blocked more than 5.9 million Emotet attacks on its users worldwide in 2020.
In one of the largest and most effective global takedown operations to date, police forces from Canada, France, Germany, Lithuania, the Netherlands, Ukraine, the United Kingdom and the US, coordinated by Europol and Eurojust, took control of Emotet's servers. This gave them access to the botnet and the data that the Emotet group collected from their victims.
Milestone in the fight against cybercrime
“The takedown of Emotet is a real milestone in the fight against cybercrime. Emotet worked like a Swiss Army knife, allowing criminals to steal passwords, steal money from online bank accounts and add victims' computers to a botnet - turning them into remote-controlled robots - from which further phishing campaigns can be launched. Emotet was known for using strong obfuscation techniques to make it more difficult for antivirus software to detect. In addition, the Emotet developers offered their malware as ‘malware-as-a-service’ so that other criminals could also use it. The authorities' disarming of the program is therefore very positive news for the cybersecurity world,” explains Adolf Streda, Malware Analyst at Avast.
Emotet: Help for those affected
Control over the Emotet servers enables law enforcement agencies to help those affected:
- According to the German Federal Criminal Police Office (BKA), taking over the Emotet infrastructure made the malware on affected victim systems unusable for the perpetrators. On these systems the malware was moved into quarantine and its communication parameters were adjusted. The IP addresses observed in this process are forwarded to the responsible network operators so that they can notify their customers accordingly. The BSI (Federal Office for Information Security) also provides guidance on cleaning up infected systems.
- The Dutch police have also set up a web page on which users can check whether their own e-mail address appears in the confiscated data. This lets users find out whether their data was harvested by the Emotet group.
As a first step, these measures are intended to help users find out whether they are affected at all. In the second step, those affected are supported in removing the malware from their systems.
Is the danger now over?
So far, no charges or arrests have been made public, which suggests that the law enforcement action has affected only the attackers' tools and not the attackers themselves. This could mean that the Emotet group will try to regroup and rebuild, a scenario made more likely by the group's high level of adaptability. Even without their botnet, they may still hold other copies of the data and could try to build a new botnet with it.
About Avast
Avast (LSE: AVST), a FTSE 100 company, is a leading global provider of digital security and privacy products. Avast has over 400 million online users and offers products under the Avast and AVG brands that protect people from threats from the Internet and the evolving IoT threat landscape. The company's threat detection network is one of the most advanced in the world, using technologies like machine learning and artificial intelligence to detect and stop threats in real time. Avast's digital security products for mobile, PC or Mac have been top-rated and certified by VB100, AV-Comparatives, AV-Test, SE Labs and other test institutes.